1

Distributed DNS

best practices to build redundant, reliable architecture

By Ladislav Vobr SE/SOP/I&eS,Etisalat

2

Outline

• Introduction• Different DNS roles• Authoritative• Caching• ccTLD• Internal• Best Practices / Recommendations• Increasing the availability• L4-7 switching / Anycast• Service Monitoring• Latest DNS Features Trends• Conclusion

3

Introduction

• What is DNS?

• DNS & Internet

• The Importance of DNS Service

4

Different DNS roles

• Authoritative/non-recursive

• Caching/Recursive

• ccTLD

• The Root Servers

• Recursive

5

Best Practices

• Separate geographically

• Separate the functionality

• Separate Access

• Use well defined SOA, TTL

• Use consistent NS records

6

Scaling performance / Availability

• Authoritative only servers- Build it mechanism using RTT

• Caching Services- Scaling vertically - brings huge cost & doesn’t improve

availability- Scaling horizontally – reduce the cost, but needs some

configuration

a) Cluster (one active / one standby ) b) L4-7 switches (complicated, more features)c) ANYCAST (simple / simple balancing)

7

L4-7 switching

• Better l4-7 filtering

• Better load distribution

• Geographical failover not standarized

• Complicated management

• Another point of failure (two switches required)

8

Anycast Routing

• Simple idea• Using standard protocols• Supports broad range of routing protocols• Simple load balancing only• Not able to filter traffic based on l4-7• Acts as a router, easy troubleshooting• No additional hardware required• Free tools available / zebra / ospfd ….

9

Important features in Bind

• TSIG/DNSSEC

• NOTIFY

• NSUPDATE

• IDN

• IPV6

• RNDC FLUSH

• RNDC RECURSING

10

Service Monitoring

• Monitor CPU

• Monitor Number of REQUESTS

• Monitor Recursive QUEUE

• Monitor Traffic Rates

• Monitor BOGUS servers

11

Popular links

• http://www.isc.org

• http://www.bind9.org

• http://www.bind.org

• http://zebra.org

• http://rrdtool.de

• Mailing list: bind-users@isc.org

12

Thank You